Filtered by vendor Dnnsoftware
Subscriptions
Total
36 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32372 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 6.5 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks. This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls. This vulnerability is fixed in 9.13.8. | ||||
| CVE-2025-32373 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 6.5 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8. | ||||
| CVE-2025-32374 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-08-26 | 5.9 Medium |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Possible denial of service with specially crafted information in the public registration form. This vulnerability is fixed in 9.13.8. | ||||
| CVE-2022-2922 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-05-20 | 4.9 Medium |
| Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | ||||
| CVE-2022-47053 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-02-10 | 5.4 Medium |
| An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. | ||||
| CVE-2021-40186 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 6.5 Medium |
| The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services. | ||||
| CVE-2021-31858 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 5.4 Medium |
| DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload. | ||||
| CVE-2020-5188 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 6.5 Medium |
| DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | ||||
| CVE-2020-5187 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 8.8 High |
| DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | ||||
| CVE-2020-5186 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 5.4 Medium |
| DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). | ||||
| CVE-2020-11585 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 4.3 Medium |
| There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter. | ||||
| CVE-2019-12562 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 6.1 Medium |
| Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to the server, etc. Successful exploitation occurs when an admin user visits a notification page with stored cross-site scripting. | ||||
| CVE-2018-18326 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 7.5 High |
| DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812. | ||||
| CVE-2018-15812 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 7.5 High |
| DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. | ||||
| CVE-2018-14486 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | N/A |
| DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | ||||
| CVE-2017-0929 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | N/A |
| DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. | ||||